CVE-2024-47182 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-47182

CVE-2024-47182

September 27, 2024

Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.

Related Resources (5)

https://github.com/amir20/dozzle

https://github.com/amir20/dozzle/commit/de79f03aa3dbe5bb1e154a7e8d3dccbd229f3ea3

https://github.com/amir20/dozzle/security/advisories/GHSA-w7qr-q9fh-fj35

https://pkg.go.dev/vuln/GO-2024-3163

https://nvd.nist.gov/vuln/detail/CVE-2024-47182

Do you need more information?

CVSS v4

Base Score:

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

Exploit Maturity

UNREPORTED

CVSS v3

Base Score:

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

Inadequate Encryption Strength

CWE-326

Use of Weak Hash

CWE-328

EPSS

Base Score:

0.20

Products

Solutions

Resources

Company

Compare

Developer Tools